Gyutrange

**Name of the Vulnerable Software and Affected Versions** NamelessMC versions 2.1.4 and prior **Description** The issue allows an authenticated attacker to perform a UI-based denial of service (DoS) by injecting oversized iframes that block the forum UI and disrupt normal user interactions. This occurs because the forum does not restrict the width and height attributes of iframe elements posted by users. **Recommendations** For versions 2.1.4 and prior, update to version 2.2.0 to resolve the issue. As a temporary workaround, consider restricting the use of iframe elements in forum posts to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** NamelessMC versions 2.1.4 and prior **Description** The issue arises when a malicious user leaves spam comments on many topics. If an administrator deletes the malicious user's account, all their posts along with the associated topics by unrelated users will be marked as deleted. **Recommendations** For versions 2.1.4 and prior, update to version 2.2.0 to resolve the issue.